lordpake
-
Posts
210 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by lordpake
-
-
Are those the only signs of malware? If yes, do you have other security software which might lock down these settings? Is this your computer, or work computer with Group Policies in place? As it is possible systems administrator has disabled both Task Manager and registry editing.
-
What Buttons said.
Yes it is compatible with MBAM free. Free version is nice addition, it offers basically same functionality as MBAM free, that is manual updating and scanning and fully functional threat removal.
Besides that it does have some repair functions too to help restore system functions after malware attack.
-
Regarding autoexec.bat, in my Windows XP Home that file is empty, with no content and filesize 0. File is dated to the day OS was installed.
HTH
Note: it is possible some software in your system has entered custom commands and environmental variables to autoexec.bat.
-
Hi,
without seeing the actual scan log it's not possible to say what important file(s) might have been deleted.
Log file can usually be found in All users - Application data - Malwarebytes folder IIRC.
-
I have no idea about the function of that registry key, however I have never had any infection in this system to my knowledge
Malwarebytes' Anti-Malware 1.45www.malwarebytes.org
Tietokantaversio: 3896
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
22.3.2010 01:57:05
mbam-log-2010-03-22 (01-57-05).txt
Tarkistustyyppi: Flash-tarkistus
Tarkistettuja kohteita: 92211
Kulunut aika: 57 sekunti(a)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita kansioita: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Ei haitallisia kohteita)
Saastuneita muistimoduuleja:
(Ei haitallisia kohteita)
Saastuneita rekisteriavaimia:
(Ei haitallisia kohteita)
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken. [01ADCD28415F739C15682220B794E819]
Saastuneita rekisterikohteita:
(Ei haitallisia kohteita)
Saastuneita kansioita:
(Ei haitallisia kohteita)
Saastuneita tiedostoja:
(Ei haitallisia kohteita)
-
The choice though is up to you but personally I think its a good choice, but then I'm a bit biased too
+1. It's a good addition to your PC
If you have two PCs but only want one license you could always install MBAM paid to the PC that is most at risk. Ie. which one has more "random"/underage users or which one sees more 'Net usage.
-
@MrSlotTech: AFAIK we are talking about TDL-3 rootkit when dealing with infected atapi.sys.
Would you rather have MBAM hosing/bricking clean systems here? As that file can be difficult to clean/replace with clean copy.
-
Darrin, give them only limited rights. Normal user account if possible makes it so they can't infect your entire machine.
-
I seem to be getting awfully lot of IP protection alerts in FB, regarding IPs in that range (like .34 and .41).
Robtex indicates it's a Teliasonera IP range with no blacklistings?
I also have Fx with Adblock + Easylist, so there shouldn't be any ads triggering the alerts.
-
A. Is it typical to receive very frequent notice of IP blocking (average about 1 event per 30 seconds)? If so it would seem to be my desktop that is operating correctly and the laptop has a problem.
Unless you use P2P software in that PC, no it is not typical in my experience to have so many notifications.
-
I too admit being curious as to what comes to Firefox extensions. I don't recall any built-in Mozilla defences against malicious extensions though. I recall there is built-in mechanism to stop extensions being installed in browser main dir, and thus getting used automatically/hidden in background? This is what I mean http://blog.mozilla.com/security/2009/11/1...in-firefox-3-6/
It'd be nice to know MBAM protects against known malicious extensions if/when such exist.
-
They likely won't be fixing it.
See the reply to my thread regarding f/p and Krunchy packer here.
-
Purpose of MBAM is NOT to replace AV. MBAM is there to support your AV when it itself fails
By using only MBAM as active protection you would leave your system vulnerable.
-
I have user in Finnish forum who has issues with Super Pi Mod getting detected when he right-click scans it in Explorer.
He is obviously concerned
super_pi_mod.exe (Malware.Packer.Krunchy) <-- detection
Is this intended behaviour? To detect that file as malicious based on packer?
File is available here hxxp://www.techpowerup.com/downloads/366/mirrors.php
-
Silja, last I checked both versions of MBAM use the same installer. It's just that key unlocks additional features for user.
Fileforum is just another place for hosting the installer.
-
I also get those .72 IP blocks frequently and to the Original Poster, it doesn't seem to affect Facebook.
All it takes is the page occasionally seems to load longer, even though all the content is already there.
So it (the IP block) doesn't appear to do harm to user's FB experience at all. It's just annoying to get that prompt
-
As far as I know the Security Center notifys are in fact fixed by MBAM. Those 'infections' regarding Security Center might not be actual infections at all but values changed from the Windows defaults.
In this case MBAM detects them and when fixing restores them to Windows defaults.
Regarding this I can not comment:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.Does your Quick Scan now come up clean? Please update your MBAM via built-in updater and run Quick Scan.
-
Seems I get IP protection alerts regarding IP 62.41.85.72 when I browse Facebook. I don't use any 3rd party apps there myself so I can't really track this IP down to any specific 'content'.
statik.ak.fbcdn.net or such seems to load slower during the occasions I get IP protection alerts.
-
No porn in that page, sadly
must be me adblockers
-
tt-forums.net / 95.211.11.17
OpenTTD is an open source clone of the Microprose game "Transport Tycoon Deluxe", note the forum domain is different from the openttd.org main site.
-
I have been running MBAM with realtime protection in Vista / MSE. No problems there. To be on the safe side I added process exclusions for MBAM.exe MBAMservice.exe.
-
It's been sometime now but I think I first heard of MBAM in CastleCops forum.
And I don't really think my current IS isn't up to its task, however I am curious and I have a need to know tools I may need when cleaning someone's computer.
That being said, I also use a number of other tools
-
What you describe is a bad case of user stupid... user failing to read and understand any rules and instructions
Usual ways of handling this would be
a. ignore logs posted in wrong places
b. lock the threads posted in wrong places
c. variable of b. delete the threads which might lead to added confusion
d. move the thread to right spot, which also might add confusion to OP because the thread isn't where he left it
e. post in that thread pointing the user to post his log to proper subforum
Unfortunately all these are labour "intensive" options
-
quarantine question
in Malwarebytes for Windows Support Forum
Posted
Yes, you are safe. By deleting it from Quarantine you removed it permanently.
There is also restore-function, that would have restored the infection to your machine
The restore is there in case of false positives.